Get on board with CPOE. Almost two-thirds of U.S. hospitals have yet to install a computerized physician order entry system, according to HIMSS Analytics, even though studies strongly suggest they reduce the cost of care and improve its quality.
But the problem with much of this research is that it's been done in large academic centers. Most patient care in the U.S. is delivered in community hospitals and group medical practices, so it's only natural for IT executives in those settings to think twice about the huge capital investment CPOE entails.
The Massachusetts Hospital CPOE Initiative (MHCI) has addressed the cost issue as it applies to community hospitals. That initiative, which generated the Clinical Baseline and Financial Impact Study, did an in-depth analysis of six Massachusetts community hospitals, looking at 4,200 charts to see if a CPOE system could prevent adverse drug reactions and reduce the use of unnecessary medications and lab tests. The latest MHCI stats, from 2008, found that a CPOE program would pay for itself for the average community hospital in about 26 months.
[ Is it time to re-engineer your clinical decision support system? See 10 Innovative Clinical Decision Support Programs. ]
Step it up on security. Security experts say it's not a question of if your organization's patient data will get breached, but when. If that's the case, your goal for 2013 must include a program to minimize the danger, including regular risk analyses.
A recent data breach at Massachusetts Eye and Ear Infirmary (MEEI) and Massachusetts Eye and Ear Associates drives this point home. The provider agreed to pay a $1.5 million fine to the Department of Health and Human Services, after allegations were made that it failed to comply with certain HIPAA rules that govern the security of individually identifiable health information.
The provider's failure to conduct a risk analysis was "the big thing" highlighted by the feds, notes Chad Boeckmann, president of Secure Digital Solutions. "For quite some time, they weren't maintaining these requirements or being proactive. It's about maintaining due diligence."
According to the latest privacy and security study by Ponemon/ID Experts, 81% of organizations let employees use their own mobile devices to access patient information, but 46% admit to "doing nothing at all to ensure BYOD is secure."
That's mind boggling. It's hard to exaggerate the danger of such lax security policies. If your IT staff isn't up to the task, find the money to hire an outside firm. It will cost you a lot more to manage the fallout from a data breach than it will to prevent one.
Update your EHR. If you were one of the early adopters, chances are your EHR system is showing its age, unless you've contracted with a vendor for state-of-the art upgrades. So it may be time to consider switching or upgrading.
More than 600 EHRs are certified as meeting the criteria needed to qualify for Meaningful Use financial incentives. Finding the right vendor in this maze isn't easy. One thing to keep in mind: Be realistic about how much technical support you will need after the system is installed and how much support you will actually get from overcommitted vendors.
Most successful medical practices don't rely solely on their EHR vendors, says Mark Wagner, senior research director for health IT advisory firm KLAS. They supplement the vendor's resources with competent staff of their own, and sometimes with third parties to fill the gaps.
Dig into clinical decision support.. Diagnostic mistakes are responsible for about 15% of errors that harm patients, according to The Institute of Medicine. Similarly, almost one of three cancer patients in the U.S. gets the wrong diagnosis, and the wrong treatment.
If your IT team isn't digging into statistics such as these, 2013 is the right time to look at a CDS system. Among the tools to consider: Isabel, put out by Isabel Healthcare, Dxplain, UptoDate, and Elsevier's ClinicalKey.
Hire more data analysts. Almost every CIO I speak with laments the talent shortage in healthcare IT. And with the push to do more big data analytics and get started in population health management, top-flight analysts are no longer a "nice-to-have" but a must-have.
Some of the best advice I've seen on keeping this resolution comes from two members of InformationWeek Healthcare's advisory board:
Stephanie Reel, CIO at Johns Hopkins University, says that in order to attract and retain talented IT managers "... it's important to pay attention to your employees and ensure them some rational quality of life if you can." Similarly, Dan Drawbaugh, CIO at University of Pittsburgh Medical Center, recently outlined UPMC's retention effort, which includes special technology training programs, off-site work arrangements, flexible workweeks, employment contracts and redesigned working environments.
Clinical, patient engagement, and consumer apps promise to re-energize healthcare. Also in the new, all-digital Mobile Power issue of InformationWeek Healthcare: Comparative effectiveness research taps the IT toolbox to compare treatments to determine which ones are most effective. (Free registration required.)